Within the area of cryptography and computer security, there has been substantial research on the secure creation and transfer of electronic value. This area of research is generally termed ‘electronic cash research’, although in practice its applications are much wider than the creation and circulation of electronic forms of money as such, because the techniques extend to the creation and circulation of electronic value of any kind.
Cryptographic electronic cash systems may be based on the circulation of so-called digital currency. Electronic cash systems are generally classified as ‘on-line’ or ‘off-line’. On-line systems generally require the verification of digital currency at transaction time in order to provide for a secure system. The verification procedure may prevent spending illegitimate copies of a digital currency.
Electronic cash systems also include both token based and account/ledger based systems. In an account/ledger based system, value is represented as entries in a centralised or distributed data repository, and transactions are ledger entries containing a ‘from’ (payer) and a ‘to’ (payee) account identifier and/or other information serving as a ledger of transactions.
In some token based electronic digital currency systems, value may be stored in electronic form on users' devices, much like holding a banknote, coin, or share certificate in printed or minted form. A transaction may include sending digital currency from a payer to a payee, normally through one or more electronic transmission channels. In some prior systems, a server may maintain a record of valid serial numbers for digital currency tokens, and the exchange value associated with them. When such a digital currency token is provided back to the issuer for ‘deposit’ (also referred to as ‘redemption’), it may be marked as ‘invalid’ on the server records and the exchange value provided to the user in return. An early example of such a system was called Netcash (Medvinsky 1993).
Alternatively, instead of just issuing digital currency as an identification string (serial number), digital currency can be cryptographically signed by the issuer, e.g., using a cryptographic digital signature. This allows any user in the system to verify locally that the signed digital currency has indeed been issued by a given issuer. Furthermore, the issuer can add additional conditions or information to such a digital currency, for example the amount or denomination of a digital currency, or an expiry date, which can then also be locally verified as having been added by the issuer. It will be appreciated that, in this scenario, the contents of the digital currency and authenticity of its issuer can be verified locally. Unless the digital signature is compromised, the digital currency cannot be modified by a party other than the issuer. A verification check by the issuer is now required only to prevent so-called ‘double spending’ of a digital currency, that is, the improper duplication of the digital currency and the attempt to spend it more than once.
A further extension of digital currency with digital signatures is the use of the so-called “blind signature” approach. This approach allows for a secure system where a user, not the issuer, creates unsigned ‘proto digital currency tokens’, which are then provided to the issuer to sign (in what may be termed a ‘withdrawal’ transaction). At the time digital currency tokens are signed by the issuer, the issuer does not see their serial numbers, nor is the issuer able to determine them. However, the issuer can securely identify the correctness and denomination of the requested digital currency, which the issuer can then endorse with its digital signature. In order to prevent double spending under this system, it may be necessary to maintain, and compare against, a record of ‘spent’ digital currency, rather than a record of ‘valid’ digital currency. That is because the issuer only effectively sees the serial number of a digital currency token at the time it is returned for ‘deposit’ (or ‘redemption’). Most notably, this approach permits a user to remain anonymous during a transaction. In order to make a valid payment, the user need not disclose his identity, nor any account related to his identity, to the payee, nor to the issuer. This type of electronic cash system is therefore seen as more ‘cash-like’ in its properties, in comparison with other electronic cash systems.
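As an added illustration (not part of the original text), the withdrawal and deposit flow described above can be sketched in Python, assuming an RSA-based blind signature, a scheme the text itself does not name. The key, the function names and the Issuer class are constructed for this example, and the single key is assumed to stand for one denomination.

```python
import hashlib, math, secrets

# Constructed demo key (assumption): textbook RSA over two Mersenne primes,
# far too small and structured for real use. One key = one denomination.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private signing exponent

def digest(serial):
    """Hash a token serial number into the RSA group."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial):
    """User side: hide the serial behind a random factor r before withdrawal."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return digest(serial) * pow(r, E, N) % N, r

def unblind(blind_sig, r):
    """User side: strip r, leaving an ordinary signature on the serial."""
    return blind_sig * pow(r, -1, N) % N

def verify(serial, sig):
    """Anyone holding the public key (N, E) can check a token locally."""
    return pow(sig, E, N) == digest(serial)

class Issuer:
    def __init__(self):
        self.spent = set()  # record of 'spent' serials, not of 'valid' ones

    def withdraw(self, blinded):
        """Sign the blinded value; the serial is never visible here."""
        return pow(blinded, D, N)

    def deposit(self, serial, sig):
        """First point at which the issuer sees the serial number."""
        if not verify(serial, sig):
            return "invalid signature"
        if serial in self.spent:
            return "double spend"
        self.spent.add(serial)
        return "accepted"

def demo():
    """Withdraw one token, deposit it twice, then try an altered signature."""
    issuer, serial = Issuer(), secrets.token_bytes(16)
    blinded, r = blind(serial)
    sig = unblind(issuer.withdraw(blinded), r)
    return [issuer.deposit(serial, sig), issuer.deposit(serial, sig),
            issuer.deposit(serial, (sig + 1) % N)]
```

The unblinded value equals the signature the issuer would have produced on the serial directly, which is why the issuer cannot link a deposit to the withdrawal that created the token.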
Existing electronic cash systems have numerous limitations and bottlenecks. In particular, these systems are often not readily scalable, or the system security is irrevocably impacted in case of the compromise of the signature key.
Electronic cash systems utilising digital signatures rely for their security on the security of the signature key used to sign digital currency tokens. Signature keys therefore have to be heavily protected. In practice, digital signature keys are usually changed at regular intervals, in order to limit exposure to risk from potential attackers. The risk level in case of a successful attack on the signature key (or its accidental or wilful disclosure) is very high, since, theoretically, the attacker can now create seemingly valid digital currency tokens in unlimited quantities. This problem is magnified by an Internet-specific problem, namely that these improperly obtained keys can be distributed rapidly and widely, and improperly signed tokens can be very rapidly distributed and redeemed on a wide scale, potentially without geographic limitations.
There may often be problems with interoperability or exchangeability of digital currency tokens issued by different issuers.
In existing systems, the double spending check may constitute a significant performance bottleneck. The task of checking against the double spending record cannot be parallelised easily, because there is a risk of potential double spending unless an unambiguously up-to-date version of the double spending record is being checked against.
Certain system properties and transaction monitoring, often required for regulatory and operational reporting purposes in the operation of electronic payment systems (such as Anti Money Laundering (AML) and suspicious transactions reporting), are difficult to achieve in electronic cash systems as described above, particularly when anonymous tokens are employed, due to several different limitations when compared to account based systems.
Some example embodiments described in the present disclosure include systems and methods for handling digital currency tokens that are more secure and more scalable, while providing improved auditability. Further example embodiments provide systems and methods that allow secure, scalable and flexible exchange of tokens of different types.